CVE-2025-11936

Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello

Description

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to excessive CPU and memory consumption during ClientHello processing.

INFO

Published Date :

2025-11-21T22:24:27.443Z

Last Modified :

2025-11-21T22:24:27.443Z

Source :

wolfSSL

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11936 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11936.

URL	Resource
https://github.com/wolfSSL/wolfssl
https://github.com/wolfSSL/wolfssl/pull/9117

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability